dh> Unfortunately I don't know a way to see what DLL function is executed dh> by rundll32.exe. With procexp from www.sysinternals.com you can view dh> what DLLs are used by a process, but that are quite a few and not dh> simply the one being called. http://www.p-nand-q.com/download/rundll32.html an excerpt from the web page "...patched RUNDLL32 to write its startup arguments to the event log. Once you've installed this tool, you'll see entries like the following in the Event Viewer Application Log: RUNDLL32.EXE: GetCommandLineW(): "C:\WINNT\System32\RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp So you know what's up." This is for an NT based system and as I found this just last night I have not tested it on my system. -- Best regards, BWMarcotte Using The Bat! v2.04.7 on Windows 2000 5.0 Build 2195 Service Pack 3
pgp00000.pgp
Description: PGP signature
________________________________________________ Current version is 2.04.7 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
